Re: smartcards, electronic ballots
The voting apparatus may keep a serial record of each vote, in order, for auditing purposes. This is also mentioned in WAS's legislative text. Good lord no. Here in NY, the inspectors write down each voter's name on a log sheet with the names numbered in order, and write down the numbers in the voter book to make it easier to cross-check who voted. The log sheet has four or five NCR copies so that party poll watchers can have copies. (The poll watchers use them to cross-check their list of registered voters so they know who hasn't voted and so know who to call and remind them.) Obviously, the ballot is only secret because the equipment does NOT track the order in which votes were cast. Call me a sort of a Luddite, but I would like a system where you vote by pushing buttons of some sort, then the machine prints up a paper ballot with your choices on it in an OCR font or something else that is easily readable by both people and machines, and you can either release the ballot into the box if it's right, or put it into a discard pile and try again. Then the machine forgets everything, and they count the paper ballots to see who won. -- John R. Levine, IECC, POB 727, Trumansburg NY 14886 +1 607 387 6869 [EMAIL PROTECTED], Village Trustee and Sewer Commissioner, http://iecc.com/johnl, Member, Provisional board, Coalition Against Unsolicited Commercial E-mail
Re: fyi: universal censorware-bypass program
In response, Peacefire has released a bypass program -- eponymously named "Peacefire" -- which can disable all popular Windows blocking software (Cyber Patrol, SurfWatch, Net Nanny, CYBERsitter, X-Stop, Cyber Snoop, PureSight) with the click of a button. The program is available at http://www.peacefire.org/bypass/ Someone who looked at this program reports that it just runs the uninstall programs for whichever of those applications it finds installed. Whoopee. -- John R. Levine, IECC, POB 727, Trumansburg NY 14886 +1 607 387 6869 [EMAIL PROTECTED], Village Trustee and Sewer Commissioner, http://iecc.com/johnl, Member, Provisional board, Coalition Against Unsolicited Commercial E-mail
Re: DeCSS and first sale
[ I was at the beach, catching up now ] It is a test of will and power. Kaplan took offense at the widespread attitude that such an act was beyond the power of a judge, that judges not only should not censor the internet, but that they *could* not censor the internet, that the internet was stronger than the judiciary. He's welcome to take offense. He's even welcome to take action. But in the end, has he been successful? Will he ever be successful? I agree that it was a poor idea to taunt the judge, but a key point that most people seem to be missing is that anti-DeCSS has nothing to do with fair use, practically nothing to do with piracy, but a great deal to do with the critical but poorly understood first sale doctrine, so the judge's decision is flatly wrong on fundamental legal principles. First sale says that once the copyright owner has sold a copy of something, he has no further claim on it other than to prohibit making further copies. This is why there's a market in used books and videotapes, why there are public libraries, why there is a video rental industry, and why you can import a lower priced foreign edition of a book or CD even if there's a domestic edition. Publishers hate first sale even more than fair use, and you often see fatuous complaints about the revenue "lost" to sales of used books. CSS is entirely about subverting first sale, since the only useful thing that the CSS crypto does is to assign each DVD a "region code" so that the DVD can only be played on players with the same region code. (As has been widely noted, if you want to pirate a DVD, you just copy the bits, no crypto needed.) The reason that they use region codes is that movies may already be on DVD in the US while still in theatres in Europe, or vice versa, and they want to prevent people from sending DVDs from one place to the other and undermining theatre revenues.
If I were the movie industry, I'd want to prevent it, too, but if I were a judge interpreting the copyright law, I'd look to the first sale doctrine and say "tough noogies". The first sale doctrine is under attack in many ways under the guise of "digital rights management", attempting to treat material as leased to people with limited rights, rather than sold with full rights, even though the transaction is handled as a sale. It's one of the sleaziest ways that crypto is being used today. Regards, John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner Finger for PGP key, f'print = 3A 5B D0 3F D9 A0 6A A4 2D AC 1E 9E A6 36 A3 47
Re: Book on cryptography for programmers
In case you haven't figured it out, yes, I am seriously contemplating writing such a book. Please keep the good ideas coming.

Oh, good. All of the discussion of algorithms is fine, but it seems to me that the most important topic in such a book is how to avoid building yet another crypto system with a ten-ton steel door and a cardboard back wall. I would include some horror stories of failed crypto, and perhaps a few pages on how crypto systems are broken or subverted. Also, you might develop a check list of do's and don'ts, e.g.:

* Don't try to invent a new crypto system. Amateurs can't write secure crypto systems, as often as not professionals can't either.
* Don't "improve" an existing system.
* Do remember that "random" numbers usually aren't, and no amount of massaging them will fix that.
* Don't assume that bad guys won't be able to read your source code.
* Do have an explicit threat model so you understand why you're developing a crypto program in the first place. People obsess over credit card numbers being stolen in transit over the net, but the real threats are poorly secured DBMS back ends and merchant sites that are not what they appear to be. (Check out www.mcgrawhill.com, for example.)
* Do be lazy. Before you try to write a network crypto package, for example, see if you can piggyback on SSL. SSL has its problems, but it's probably better than something you'll invent.
* Do consider usability. If a crypto system issues 25 character random passwords every week, the passwords will all be written on post-its stuck on people's screens. If there's a rule not to do that, the post-its will move into the desk drawer.
* Don't be seduced into doing something foolish for usability's sake, e.g., self-extracting executables with alleged encrypted data inside.

Regards, John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner Finger for PGP key, f'print = 3A 5B D0 3F D9 A0 6A A4 2D AC 1E 9E A6 36 A3 47
Re: what to call RSA
RSA Data Security does have some registered trademarks for encryption software. In principle, they're not enforceable against an algorithm as opposed to an implementation thereof, but considering how unpleasant RSA the company has been in the past, I don't see any point in picking a fight with them. I'd call it ASR, it's straightforward and descriptive, and makes it clear you're referring to the now-public-domain algorithm, not anyone's proprietary implementation thereof. Incidentally, the trademark for RSA as crypto software was only granted in March 2000. Too bad nobody thought to file an opposition letter claiming that it's merely the descriptive name of a mathematical algorithm. Regards, John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner Finger for PGP key, f'print = 3A 5B D0 3F D9 A0 6A A4 2D AC 1E 9E A6 36 A3 47
RE: Self Decrypting Archive in PGP
I think this is secure:

- pre-distribute a public key (cert, whatever) that you trust
- install decryption/sig checking software on the target machines (I think this is necessary)
- when the blob is transmitted, send a signature (detached) and the executable self-extracting encrypted blob
- when the blob is received, you need to check the signature (yes, requires neural activity at receiving end. or civil software that has a UI that helps with this...)
- AFTER you checked the signature, execute the extractor/decryptor.

But if you're willing to do all that, why not install the decryption software in steps 1 and 2, and then just transmit the encrypted file later to be decrypted by the program you already installed? I hardly need point out that this is how PGP actually works. Also keep in mind that authentication that a program hasn't been tampered with is only vaguely related to whether the program works. Microsoft sends out all their updates with swell digital signatures to prove that it's Genuine Redmondware, but they still find and patch a security hole roughly once a week. The majority of the security problems are not bugs in individual routines and programs, but exploits that use interfaces between two or more programs in ways not intended by the authors. I would think that to be a very likely failure mode for a blob like the one above that's supposed to interface with an already installed security monitor. Regards, John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner Finger for PGP key, f'print = 3A 5B D0 3F D9 A0 6A A4 2D AC 1E 9E A6 36 A3 47
Re: Electronic elections.
I'm not sure I care for the elitist tone in Dan's posting either, but he raises some points that deserve serious consideration. Sure we have mail-in absentee ballots now, but the number of people who choose to vote that way is small and an absentee ballot split that varied markedly from the regular vote would certainly stand out. Actually, speaking as someone who has won a real world election so close it was decided by absentee ballots, that last part isn't true. Absentee voters have different demographics from the overall voter population -- they tend to be older and sicker. The village election here is held in March, and most of the absentees are older residents who spend the winter in Florida and tend to be more conservative and more Republican than the rest of the voters. But it's certainly true that a result markedly at odds with the regular vote skewed by the predictable biases of the absentees would raise eyebrows. Nonetheless, the absentee process is deliberately cumbersome and subject to public inspection to make it hard to spoof. Around here, you have to send in a paper application with a handwritten signature (unless you're on active duty in the military in which case you get the absentee ballot automatically), they send out the absentee ballot, you fill out the ballot, put it in nested envelopes, sign the outer envelope and mail it back. On the appointed day, the two commissioners, one from each party, open the envelopes, display the outer envelopes to everyone present who can challenge them if the signature looks wrong or otherwise doesn't look right, then they mechanically shuffle up the paper ballots and count them. The process is still subject to challenges similar to those for in-person voting, and I think that it's permissible to contact any voter with a questionable ballot and ask whether they sent one in. For the original question, I'd suggest a procedure similar to the one the ACM uses. 
They make up a bunch of random numbers with check digits, print them out, shuffle them up, and mail one printed number to each registered voter. To vote, you have to enter your number. This provides reasonable real world security that each voter is a real voter, while each vote is anonymous. Sorry that this procedure doesn't include any whizzo crypto features. Regards, John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner Finger for PGP key, f'print = 3A 5B D0 3F D9 A0 6A A4 2D AC 1E 9E A6 36 A3 47
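The numbered-ballot procedure described in the message above, sketched as an added example that is not part of the original post and not the ACM's actual system. The Luhn check digit, the 12-digit length and the names issue_numbers and BallotBox are assumptions chosen for illustration; the message says only "random numbers with check digits".

```python
import secrets
from collections import Counter


def luhn_check_digit(payload: str) -> str:
    """Luhn check digit for a string of decimal digits (assumed scheme)."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:  # the rightmost payload digit is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(number: str) -> bool:
    return (number.isdigit() and len(number) >= 2
            and luhn_check_digit(number[:-1]) == number[-1])


def issue_numbers(count: int, digits: int = 11) -> list:
    """Make `count` distinct random voting numbers and shuffle them.

    Nothing here records which voter receives which number: the shuffled
    printouts are simply mailed one per registered voter.
    """
    numbers = set()
    while len(numbers) < count:
        payload = "".join(secrets.choice("0123456789") for _ in range(digits))
        numbers.add(payload + luhn_check_digit(payload))
    issued = list(numbers)
    secrets.SystemRandom().shuffle(issued)
    return issued


class BallotBox:
    """Accepts one vote per issued number and keeps only the totals."""

    def __init__(self, issued):
        self._unused = set(issued)
        self._totals = Counter()  # no per-vote record, so no cast order

    def cast(self, number: str, choice: str) -> str:
        number = number.replace(" ", "").replace("-", "")
        if not luhn_valid(number):
            return "mistyped"    # check digit catches typing errors
        if number not in self._unused:
            return "rejected"    # never issued, or already used
        self._unused.remove(number)
        self._totals[choice] += 1
        return "accepted"

    def tally(self) -> dict:
        return dict(self._totals)


if __name__ == "__main__":
    numbers = issue_numbers(3)
    box = BallotBox(numbers)
    print(box.cast(numbers[0], "Candidate A"))
    print(box.cast(numbers[0], "Candidate B"))  # reuse of the same number
    print(box.tally())
```

The check digit only separates typing mistakes from invalid numbers; the protection against forged votes comes from the numbers being random and sparse in a large space.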
Re: GPS and cell phones
This is e911 service. Much as I dislike government intrusion, I sure would like to have a device with a button that says "call help and *tell them where I am*" Me too. The problem seems to be that the "call help" and "tell them where I am" functions aren't as closely coupled as we'd like. So, how long will it be until the vendors of such fine devices as cellular ESN tumblers start selling enhancement kits for your cell phone to put the noise back into the GPS data? Or maybe some extra noise while they're at it, I've used my cell phone via a tower 25 miles away, and over salt water I hear that people routinely talk to towers 100 miles away. And will the GPS software on the switch notice if the GPS data wildly disagrees with the location of the cell, and if so, what will it do? Regards, John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner Finger for PGP key, f'print = 3A 5B D0 3F D9 A0 6A A4 2D AC 1E 9E A6 36 A3 47
Re: Blue Spike and Digital Watermarking with Giovanni
What use is the watermark anyway? It is only applicable to files generated for a specific, legally identifiable customer. Therefore it does not apply to pre-pressed CD/DVD etc. discs or to broadcasts via the Net, TV, radio etc. Well, serial numbers are somewhat useful in tracking pirate copies of stuff, since they make it easier to identify each "strain" of pirated stuff. But I agree that it's a whole lot less than what the digital watermark advocates would have us believe they can do. Regards, John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner Finger for PGP key, f'print = 3A 5B D0 3F D9 A0 6A A4 2D AC 1E 9E A6 36 A3 47
Re: snake-oil voting?
Did any of you see this http://www.votehere.net/content/Products.asp#InternetVotingSystems that proposes to authenticate the voter by asking for his/her/its SSN#? It looked like the idea for this part was to prevent double voting, plus make sure that only authorized people could vote. It wasn't necessarily SSN, it could be name/address/date of birth or whatever. Similar to what is done when you go and vote in person. It's not similar at all. Here in New York, for example, where I used to be an election inspector, the voter list includes your signature, age, sex, and usually (if you gave them when you registered) your height and eye and hair color. Each voter has to sign, and if the signature isn't similar enough or the other items looked wrong, we'd ask for better ID. Each polling place has both Democrat and Republican inspectors, the inspectors for one party have an incentive to challenge dubious voters of the other party. This is a reasonable level of validation given that voters have to show up in person, making mass vote fraud a lot of work to organize. (For absentee ballots, your entry in the book is marked as absentee, so if someone got a fake ballot for you, you'd know when you tried to vote.) The combination of biometric info and personal appearance makes it fairly difficult to vote fraudulently. The SSN has become a pseudo-secret identifier. That is, the reality is that your SSN is widely available, but many organizations pretend that it's secret and will believe that anyone who presents your SSN is you. Given that the SSN is not secret, the lack of biometric data, and the reality that it's a whole lot easier to fake network transactions than to fake voting in person, this scheme screams "defraud me". Any security system needs a threat model. I can't figure out what the threat model for this system is other than "whip up something quick and easy". 
Regards, John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner Finger for PGP key, f'print = 3A 5B D0 3F D9 A0 6A A4 2D AC 1E 9E A6 36 A3 47
Re: snake-oil voting?
It seems clear that the system is primarily oriented towards preventing fraud by election officials and those involved in setting up the electronic voting. Historically, this is the greater danger in election fraud. Stuffing the ballot box is much easier if you are the one in charge of delivering the ballots or counting the ballots. If you actually have to get a bunch of people to try to vote under false names it is a huge undertaking and unlikely to be kept secret. Fraud by corrupting officials is much more cost effective and hence more dangerous. Indeed, but I don't see how this scheme offers any defense against ballot box stuffing. The election officials know the VERN and whatever "private" info the voters are supposed to provide for validation purposes, so it seems to me that it'd be no trouble at all to whip up a few thousand forged e-mails with exactly the right voter info, much easier than scribbling fake signatures into a book. To make a system like this forgery resistant, you need to collect some sort of token with each vote that's known to the voter but not known to the officials, so in case of doubt about authenticity you can go back to the voter and validate the token. In a world with widely deployed crypto, that would mean public key signatures, but lacking that, a question like "what color shirt are you wearing today?" might do. Having said all this, I realize that there's a tradeoff between security and usability. Anyone who owns stock in a publicly traded company has probably gotten a proxy form that refers to ADP's proxyvote.com. To vote there, you need only enter a 12 digit number found on the proxy form, or punch it into your phone if voting via their 800 number. That's pretty weak security, but it seems adequate for the purpose, since most corporate elections are uncontested or close to it. I have no idea if they use something more secure when they have an actively contested proxy battle. 
Regards, John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner Finger for PGP key, f'print = 3A 5B D0 3F D9 A0 6A A4 2D AC 1E 9E A6 36 A3 47
Re: KISA Attack
For the past two days jya.com has been under attack by the Korea Information Security Agency http://www.kisa.or.kr which has set up (or allowed) a couple of robots to issue a sustained flood of requests for the same three files, one per second, which has nearly stopped access by others. Am I missing something, or can't you just put a router block against their network, 203.233.150/23 ? I realize this won't blow them off the net, but it'll make your web server usable again. Based on experience trying to get Korean spam relays closed, I would say there's about a 99.5% chance that this is due to administrative ineptitude and 0.5% that it's malice. In Korea even more than Japan I find extreme unwillingness to receive outside trouble reports, often compounded by the fact that I don't speak Korean or Japanese, and they don't read English well enough to understand a report in the first place. Regards, John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner Finger for PGP key, f'print = 3A 5B D0 3F D9 A0 6A A4 2D AC 1E 9E A6 36 A3 47
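A way to confirm from the web server's access log which clients fit the pattern described in the message above (sustained requests for the same few files at about one per second) and what prefix covers them, before putting in the router block. This is an added example, not part of the original post: the Common Log Format, the thresholds, the host addresses inside the quoted /23, the file names and the date are all constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

BLOCK = ipaddress.ip_network("203.233.150.0/23")  # "203.233.150/23" in the post
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|HEAD|POST) (\S+)[^"]*" \d{3} ')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (client address, timestamp, path) or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        return (ipaddress.ip_address(m.group(1)),
                datetime.strptime(m.group(2), TS_FMT), m.group(3))
    except ValueError:
        return None


def find_flooders(lines, min_requests=60, max_paths=3, min_rate=0.5):
    """Clients with many requests, few distinct paths, and a sustained rate."""
    times, paths = defaultdict(list), defaultdict(set)
    for rec in filter(None, map(parse_line, lines)):
        ip, when, path = rec
        times[ip].append(when)
        paths[ip].add(path)
    flagged = {}
    for ip, seen in times.items():
        span = max((max(seen) - min(seen)).total_seconds(), 1.0)
        if (len(seen) >= min_requests and len(paths[ip]) <= max_paths
                and len(seen) / span >= min_rate):
            flagged[ip] = len(seen)
    return flagged


def smallest_cover(addresses):
    """Smallest single IPv4 prefix containing every address in the list."""
    net = ipaddress.ip_network(f"{addresses[0]}/32")
    while not all(a in net for a in addresses):
        net = net.supernet()
    return net


def sample_log():
    """Constructed log: two robots at one request per second, one visitor."""
    start = datetime(2000, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    fmt = '{ip} - - [{ts}] "GET {path} HTTP/1.0" 200 1024'
    lines = []
    for n in range(120):
        ts = (start + timedelta(seconds=n)).strftime(TS_FMT)
        for robot in ("203.233.150.17", "203.233.151.9"):  # constructed hosts
            lines.append(fmt.format(ip=robot, ts=ts, path=f"/file{n % 3 + 1}.htm"))
    for n in range(6):
        ts = (start + timedelta(minutes=n)).strftime(TS_FMT)
        lines.append(fmt.format(ip="192.0.2.10", ts=ts, path=f"/page{n}.htm"))
    return lines


if __name__ == "__main__":
    flooders = find_flooders(sample_log())
    for ip, count in sorted(flooders.items()):
        print(ip, count, "inside block" if ip in BLOCK else "outside block")
    print("covering prefix:", smallest_cover(sorted(flooders)))
```

Comparing the covering prefix of the flagged clients with the block being requested shows how much address space beyond the offending hosts the filter will also cut off.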
Re: Cracking the Code
The Cato Institute released a new Cato Briefing Paper, "Strong Cryptography: The Global Tide of Change," as the Clinton administration was announcing a relaxation in controls on the export of encryption technology. In the paper, Arnold G. Reinhold writes ... Arnold's a regular on this list. (He and I write books together, don't miss his crypto bits in the upcoming "Internet Secrets".) There's nothing in this paper that will be new to anyone here, but it's nice to see the, er, respectable extreme right wing weighing in exactly on the correct side of this issue. Regards, John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner Finger for PGP key, f'print = 3A 5B D0 3F D9 A0 6A A4 2D AC 1E 9E A6 36 A3 47
Another web secure mail service
Visit http://www.1on1mail.com/ It has a downloadable Windows client that I haven't tried yet, and a lot of blather about how secure 2048 bit RSA keys are. It's free, supported by ads. I wonder if it puts them in the encrypted messages. Regards, John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner Finger for PGP key, f'print = 3A 5B D0 3F D9 A0 6A A4 2D AC 1E 9E A6 36 A3 47
Re: entry level cryptography books
Alfred Beutelspacher: Kryptologie. Vieweg, 1996, ISBN 3-528-48990-1, 34.00 DEM, 179 p. I don't know unfortunately, whether someone has translated it already into English. I see a 1994 translation, which I presume is of an earlier edition: Cryptology, Paperback, 176 Pages, Mathematical Association of America, February 1994, ISBN: 0883855046, It may be out of print. None of the on-line stores claimed to have it in stock, although it's still listed on the MAA's own web site for $35.95. Regards, John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner Finger for PGP key, f'print = 3A 5B D0 3F D9 A0 6A A4 2D AC 1E 9E A6 36 A3 47
Re: Hearing on Melissa and Privacy, how Melissa was caught
Weiner said he was particularly troubled by reports that investigators tracked the Melissa suspect with help from both America Online and a unique identifying number attached to Microsoft software. My understanding is that they found the guy by going to Dejanews, finding the earliest copy of it they could in an alt.sex message posted from a phished AOL account, then going to AOL to get the session info including CLID or ANI, then looking up the guy from his phone number. The Windows ID number was a red herring, it traced back to some other guy who wrote a Word file that the perp edited the virus into. To me, this sounds like the way that a legal investigation of a computer crime should work, with the cops getting the subpoenas they need to retrieve the minimum information to solve the case. They didn't attempt to get all records about everyone who called into AOL that week, nor did they attempt to confiscate Deja News servers. I also note that other than pointing out that social engineering remains the most reliable way to crack a code, this ended up with practically no connection to crypto at all. It also makes you wonder what the guy was doing using stolen AOL passwords if he didn't have malicious intent. Regards, John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner Finger for PGP key, f'print = 3A 5B D0 3F D9 A0 6A A4 2D AC 1E 9E A6 36 A3 47
Re: PGP 6.5/PGPnet Announcement!
There's bomb-proof security, and there's "security" that itself is a time bomb. I fear that self-extracting decryptors are much closer to the latter than to the former -- very much closer. At this stage, it's hard to see much justification for self-extracting crypto any more. There are widely available MTAs including Microsoft's Outlook Express that do a decent job with S/MIME. Outlook Express lets you store correspondents' public keys in your address book, so it's literally one click to encrypt messages in a reasonably secure fashion. Regards, John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner Finger for PGP key, f'print = 3A 5B D0 3F D9 A0 6A A4 2D AC 1E 9E A6 36 A3 47
Re: How to put info in the public domain for patent purposes?
If I recall correctly, the US Patent and Trademark Office has said that it would not consider information placed on the Internet to be published for patent purposes. Preparing papers for journals or conferences is a pain, takes months to be published and runs the risk of rejection. How about one of the ACM SIG newsletters? They turn around pretty quickly, tend to print everything they receive give or take broad guidelines of topicality and legibility, and are considered real publications with ISSNs that you can find in libraries. Some years ago I considered starting a software invention disclosure journal in which people could publish hacks that they wanted to prevent others from patenting, but I figured that SIGPLAN would do as well. Regards, John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner Finger for PGP key, f'print = 3A 5B D0 3F D9 A0 6A A4 2D AC 1E 9E A6 36 A3 47
Re: Is a serial cable as good as thin air?
The problem is that we're trying to combine the answers to two rather separate questions. Here is the question: Is this as good as thin air? With suitable precautions as discussed already, most likely yes. Can you see any way a hacker could use such a connection to penetrate the bank's network? Sure, but you can do that with floppies, too, as also discussed. I think the real answer is "restate the question, please." Regards, John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner Finger for PGP key, f'print = 3A 5B D0 3F D9 A0 6A A4 2D AC 1E 9E A6 36 A3 47